[FLSA-2004:1284] Updated kernel resolves security vulnerabilities

Jesse Keating jkeating at j2solutions.net
Tue Mar 2 18:57:16 UTC 2004


-----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated kernel resolves security vulnerabilities
Advisory ID:       FLSA:1284
Issue date:        2004-03-02
Product:           Red Hat Linux
Keywords:          Security
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1284
CVE Names:         CAN-2004-0077, CAN-2004-0075, CAN-2004-0010, 
CAN-2004-0003
-----------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated kernel packages that fix security vulnerabilities which may 
allow local users to gain root privileges are now available. These 
packages also resolve other minor issues.

2. Relevent releases/architectures:

Red Hat Linux 7.2 - i386, i586, i686, athlon
Red Hat Linux 7.3 - i386, i586, i686, athlon
Red Hat Linux 8.0 - i386, i586, i686, athlon

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in return value checking in mremap() in 
the Linux kernel versions 2.4.24 and previous that may allow a local 
attacker to gain root privileges. No exploit is currently available; 
however this issue is exploitable. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0077 
to this issue.

The Vicam USB driver in kernel versions prior to 2.4.25 does not use the 
copy_from_user function to access userspace, which crosses security 
boundaries. The Common Vulnerabilities and Exposures project 
(cve.mitre.org) has assigned the name CAN-2004-0075 to this issue.

Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could
allow local privilege escalation. ncpfs is only used to allow a system 
to mount volumes of NetWare servers or print to NetWare printers. The 
Common Vulnerabilities and Exposures project (cve.mitre.org) has 
assigned the name CAN-2004-0010 to this issue.

Alan Cox found issues in the R128 Direct Render Infrastructure that 
could allow local privilege escalation. The Common Vulnerabilities and 
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 
to this issue.

All users are advised to upgrade to these errata packages, which contain
backported security patches that correct these issues.

Fedora Legacy would like to thank Paul Starzetz from ISEC for reporting 
the issue CAN-2004-0077, and Dominic Hargreaves for providing 
backported rpms for all issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which 
are not installed but included in the list will not be updated.  Note 
that you can also use wildcards (*.rpm) if your current directory 
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the 
appropriate RPMs being upgraded on your system.  This assumes that you 
have yum or apt-get configured for obtaining Fedora Legacy content. 
Please visit http://www.fedoralegacy.org/download for directions on how 
to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 1284 - KERNEL: r128 dri AND do_mremap VMA 
limit local privilege escalation vulnerability

6. RPMs required:

Red Hat Linux 7.2:

SRPM:
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

i568:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

i568:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm

Red Hat Linux 8.0:

SRPM:
http://download.fedoralegacy.org/redhat/8.0/updates/SRPMS/kernel-2.4.20-30.8.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-BOOT-2.4.20-30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-doc-2.4.20-30.8.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-source-2.4.20-30.8.legacy.i386.rpm

i568:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.i586.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i586.rpm

i686:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-bigmem-2.4.20-30.8.legacy.i686.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i686.rpm

athlon:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-2.4.20-30.8.legacy.athlon.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.athlon.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------------

4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86  
7.2/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
f97d96d3238aa1bb314896699e280a31ed85529d  
7.2/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
cf0e03315d942140fbb439521684705d25e59a8f  
7.2/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5  
7.2/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
debfa2741248dccffdade72b8efe3b94d0e2483c  
7.2/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
989873968805dca5a7abd47dfb0c6dfca8a110b4  
7.2/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
17a5a3b267339f1b20870cdcf586f5784b632358  
7.2/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
15c40d84c061917f08e0c6b540bc49999ed18599  
7.2/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
f1460dafa968105647f38983d795b2693692fbfd  
7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
15f1ac18efcf20c6f7c2f1fdcd803562704e507f  
7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
3c0fdeb92cd1d549b643bf91429dd1b79a067e77  
7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
c64a8cef6e9ec35454a397229b2a15a60bba5322  
7.2/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86  
7.3/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm
f97d96d3238aa1bb314896699e280a31ed85529d  
7.3/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm
cf0e03315d942140fbb439521684705d25e59a8f  
7.3/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm
d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5  
7.3/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm
debfa2741248dccffdade72b8efe3b94d0e2483c  
7.3/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm
989873968805dca5a7abd47dfb0c6dfca8a110b4  
7.3/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm
17a5a3b267339f1b20870cdcf586f5784b632358  
7.3/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm
15c40d84c061917f08e0c6b540bc49999ed18599  
7.3/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm
f1460dafa968105647f38983d795b2693692fbfd  
7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm
15f1ac18efcf20c6f7c2f1fdcd803562704e507f  
7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm
3c0fdeb92cd1d549b643bf91429dd1b79a067e77  
7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm
c64a8cef6e9ec35454a397229b2a15a60bba5322  
7.3/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm

8eea381f80412a9421d25b1466d084cbbf5e1cee  
8.0/updates/SRPMS/kernel-2.4.20-30.8.legacy.src.rpm
77ee4d29f593a4746e70a6ac55f9791d3183803e  
8.0/updates/i386/kernel-2.4.20-30.8.legacy.athlon.rpm
b1ba3b73d03294d4b31756eb6086bfffd4ef9958  
8.0/updates/i386/kernel-2.4.20-30.8.legacy.i386.rpm
cd49df62f704ed4e11be197fdae0920de1e1c584  
8.0/updates/i386/kernel-2.4.20-30.8.legacy.i586.rpm
467c2613862985f16e07db103d7d88ab914ea73c  
8.0/updates/i386/kernel-2.4.20-30.8.legacy.i686.rpm
63e243113b85a57ccaaaf0bcdf1468d7f8290001  
8.0/updates/i386/kernel-BOOT-2.4.20-30.8.legacy.i386.rpm
ea960ffbacd83cdb2b0ae78e612da5099121f77c  
8.0/updates/i386/kernel-bigmem-2.4.20-30.8.legacy.i686.rpm
842cea04dad3976173afb6609c19615eff88aa8a  
8.0/updates/i386/kernel-doc-2.4.20-30.8.legacy.i386.rpm
e07e04ffef20d0f3fd66cd8cc46d7f2d7d1c2af0  
8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.athlon.rpm
a2a81a0ebe3e7433e339881bd1ba6177f75599c8  
8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i586.rpm
8625244b0dca1a71fe9b74769f6376af9495b333  
8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i686.rpm
4f6b05bc2296a0b37bc9528fd0e36d4e8f69ff67  
8.0/updates/i386/kernel-source-2.4.20-30.8.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077
https://rhn.redhat.com/errata/RHSA-2004-065.html
https://bugzilla.fedora.us/show_bug.cgi?id=1284


9. Contact:

The Fedora Legacy security contact is <secnotice at fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

10. Special Notes:

If you use lilo, you will have to edit your lilo.conf file and shorten 
the label of this kernel.  The label is too long for lilo, but not for 
grub.

---------------------------------------------------------------------

--
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040302/22107968/attachment.sig>


More information about the fedora-legacy-list mailing list